Herbert Smith Freehills ("HSF") is an international legal practice. We are committed to safeguarding the privacy of information provided to us and information about visitors to our HSF website and any other associated websites under our control (together our "Websites"). HSF is the data controller of any personal information provided to us when you use our services as set out in section 2 below.
Our contact details are set out at section 13 below.
- when you request information from us or provide information to us;
- when you or the organisation you work for engages our legal and other services;
- when you or the organisation you work for are a counterparty, or provide services to a counterparty, of one or more of our clients;
- as a result of your relationship with one or more of our clients, including when you or the organisation you work for is a regulator, government agency, court, tribunal or other law enforcement agency;
- when you apply for a role or work placement opportunity, open day or recruitment event with us;
- when you complete application forms on our Websites;
- when you attend our seminars or other hosted events;
- when we conduct open source searches on you in connection with our business acceptance or business development processes;
- when you visit our Websites and online services (including our mobile apps);
- if you are an alumni of the firm; and
- when you are entered onto our mailing lists to receive publications and other marketing emails (please see section 11 for more information).
3. Information collection
We will collect personal information directly from you, from our clients or their counterparties and authorised representatives.
We may also collect personal information from third parties such as regulatory authorities, your employer, other organisations with whom you have dealings, government agencies, credit reporting agencies, recruitment agencies, information or service providers, publicly available records and the third parties described in section 5: ‘Disclosure of your information’ below.
We may collect current and historical personal information including your name (including name prefix or title), contact details (such as your postal address, email address and phone number(s)), nationality, identification, gender, organisation, business interests, employment, positions held, special categories of data (such as race and ethnicity, trade union membership, information about health or information, political opinions or religious beliefs), billing and financial information (such as billing address, bank account and payment information) and enquiry/complaint details. We may also collect personal information about your other dealings with us and our clients, including any contact we have with you in person, by telephone, email or online.
When you use our online services, we may collect the following:
- information you provide by completing subscription, registration and application forms (including when you submit material or request further services);
- information you provide to us if you contact us, for example to report a problem with our online services or raise a query or comment; and
- details of visits made to our online services such as the volume of traffic received, logs (including, the internet protocol (IP) address and location of the device connecting to the online services and other identifiers about the device and the nature of the visit) and the resources accessed.
Careers and Recruitment
If you apply for a job or work placement you may need to provide information about your education, employment, racial background and state of health. Your application will constitute your express consent to our use of this information to assess your application and to allow us to carry out both recruitment analytics and any monitoring activities which may be required of us under applicable law as an employer. We may also carry out screening checks (including reference, background, directorship, financial probity, identity, eligibility to work, vocational suitability and criminal record checks) and consider you for other positions. We may disclose your personal information (including diversity and equal opportunities data) to academic institutions, recruiters, screening check providers, health service providers, professional and trade associations, law enforcement agencies, recruitment analytics and diversity research providers, referees and your current and previous employers. We may also collect your personal information from these parties in some circumstances. Without your personal information we may not be able to progress considering you for positions with us.
4. Use of your information
We may use your personal information if:
- it is necessary for the performance of a contract with you or the organisation you work for; or
- necessary in connection with a legal or regulatory obligation; or
- you have provided your consent (where necessary) to such use or the organisation that you work for has obtained your consent (where necessary); or
- we (or a third-party) have a legitimate interest which is not overridden by your interests or your rights and freedoms; or
- we are otherwise required or authorised by law.
We may use your information to:
- provide and improve our services and products to you or the organisation you work for (including auditing and monitoring use of those services and products);
- maintain and develop our relationship with you and our clients;
- monitor and analyse our business;
- facilitate our internal business operations;
- fulfil our legal, regulatory (including in relation to anti-money laundering or sanction requirements), accounting, reporting, risk management or professional obligations;
- identify services you may be interested in;
- send you legal updates, publications, marketing and details of events (please see section 11 for more information);
- protect, establish, exercise or defend legal rights; and
- process and respond to requests, enquiries or complaints received from you.
We may not be able to do these things without your personal information.
We will only retain your personal information for as long as is reasonably necessary in the circumstances. Personal information provided in connection with the provision of our legal services will be retained in accordance with the firm's retention policies unless we agree otherwise with you, in writing. Our online services may have different retention periods which you will be notified of separately when you access those services. If you wish to know more about the firm’s retention policies or any of the firm’s different retention periods, please contact firstname.lastname@example.org.
5. Sharing information across our global network
We may share your information with HSF offices, branches, subsidiaries and associated firms around the world (please see section 13 below for a link to the geographical locations of our offices). If, in the future, we re-organise or transfer all or part of our business, we may need to transfer your information to new entities or third parties through which our business will be carried out.
6. Disclosure of your information
We may share your information with third parties including:
- our clients, your professional advisers and your employers or place of business;
- third parties involved in the provisions of services to clients including barristers, local counsel and other professional advisers;
- our professional advisers, auditors and insurers;
- third party service providers to whom we outsource services, for example archival, auditing, reference checking, professional advisory (including legal, accounting, financial and business consulting), IT support, mailing house, delivery, website, social media, research, banking, payment, client contact, data processing, insurance, forensic, litigation support, data room, marketing and security services;
- third party technology organisations, including cloud service providers, such as data storage platforms;
- third parties with whom we have co-promotional arrangements (such as jointly sponsored events);
- third parties who carry out research and analyses of our services and products on our behalf; or
- regulatory authorities, courts, tribunals, government agencies, law enforcement agencies and other third parties.
Please be aware that your personal information may be accessed by third parties and by our HSF offices from countries whose laws provide various levels of protection for personal data which are not always equivalent to the level of protection that may be provided in your own country. Where we transfer your information internationally we will take reasonable steps to ensure that your information is treated securely and the means of transfer provides adequate safeguards.
Some of your personal information may be stored with, and managed by a cloud service provider located in a different country to the HSF office you are instructing.
If you have any questions in relation to the transfer of your personal information, please contact us at email@example.com.
We take reasonable steps to hold information securely in electronic or physical form and to prevent unauthorised access, modification or disclosure. Our information security policy is supported by a number of security standards, processes and procedures and we store information in access controlled premises or in electronic databases requiring logins and passwords. We require our third party data storage providers to comply with appropriate information security industry standards. All partners and staff and third party providers with access to confidential information are subject to confidentiality obligations.
The transmission of information via the internet is not completely secure. We cannot guarantee the security of your data transmitted to our online services; any transmission is at your own risk.
9. Third party sites
Our Websites contain links to other sites which are controlled by third parties.
Visitors should consult these other sites' privacy policies and please be aware that we do not accept responsibility for their use of information about you.
10. Your rights
The privacy laws of some jurisdictions may give you the right to access, amend or erase your personal information or, in some circumstances, to restrict or object to the processing of your personal information.
If you would like to request a copy of your data, or would like to take steps to exercise any of your rights please contact us in writing as set out below. We may refuse to provide access and may charge a fee for access if the relevant legislation allows us to do so, in which case we will provide reasons for our decision as required by law.
In the limited circumstances where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the rights to withdraw your consent for that specific processing at any time.
Information we hold about you should be up-to-date and accurate. Please advise us in writing of any changes to your information using the contact details set out in section 13 below.
11. If you do not want to receive marketing information from us
If you receive marketing materials relating to our services by email or post, you may withdraw your consent for us to send these to you at any time, by using the “unsubscribe” option included in the email or other material. Alternatively, you can let us know your preferences by sending an email to firstname.lastname@example.org.
12. Status of this Policy
13. Contact and further information
To find out more about HSF entities, please visit www.herbertsmithfreehills.com/where-we-work.
Herbert Smith Freehills LLP
Attention: Clare Wilson
Telephone: +44 20 7374 8000
Or call your local HSF office.
You may also have the right to submit a complaint to the relevant supervisory authority in your jurisdiction.
If you make a privacy complaint, we will respond to let you know how your complaint will be handled. We may ask you for further details, consult with other parties and keep records regarding your complaint.
Last updated: May 2019.